flowstudio-power-automate-mcp

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from external Power Automate environments, which could contain adversarial instructions.
  • Ingestion points: The tools get_live_flow, get_live_flow_run_action_outputs, and get_live_flow_runs (found in SKILL.md and references/tool-reference.md) retrieve JSON-formatted definitions and outputs from the FlowStudio server.
  • Boundary markers: The provided documentation and code helpers do not suggest the use of delimiters or 'ignore' instructions to isolate this external data from the agent's primary system prompt.
  • Capability inventory: The skill possesses the capability to modify flow logic (update_live_flow), trigger executions (trigger_live_flow), and cancel runs (cancel_live_flow_run), providing a path for an injection to result in unauthorized actions.
  • Sanitization: The skill performs standard JSON parsing via json.loads or JSON.parse but does not implement content validation or sanitization to detect embedded instructions.
  • [EXTERNAL_DOWNLOADS]: The skill initiates network requests to an external API endpoint to manage Power Automate resources.
  • The Python and Node.js helpers in SKILL.md connect to https://mcp.flowstudio.app/mcp using the x-api-key header for authentication.
  • These connections are used to fetch tool metadata and execute cloud flow operations.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 04:26 AM